File: changelog

package info (click to toggle)
schleuder 3.6.0-3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, sid
  • size: 2,820 kB
  • sloc: ruby: 10,886; sh: 211; makefile: 8
file content (729 lines) | stat: -rw-r--r-- 31,258 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
schleuder (3.6.0-3) unstable; urgency=medium

  * debian/patches:
    - Pull in upstream patch to fix verifying encapsulated messages:
      monkeypatch ruby-mail-gpg to restore the use of the unaltered raw source
      of the relevant email part.
      This code was removed in a recent release of ruby-mail-gpg for yet
      unknown reasons, and uploaded to Debian via 0.4.4-1.

 -- Georg Faerber <georg@debian.org>  Thu, 29 Jul 2021 20:36:52 +0000

schleuder (3.6.0-2) unstable; urgency=medium

  * debian/control:
    - Drop obsolete version constraint of ruby-mail-gpg.
  * debian/patches:
    - Pull in upstream patch to handle GPGME::Error::Canceled.
    - Pull in upstream patch to fix preconditions of specs: Some expectations
      only worked as long as the content-transfer-encoding was not Base64.
      Some only worked if it was Quoted-Printable. Now they don't depend on
      the CTE anymore.
    - Pull in upstream patch to relax version of mail-gpg.
    - Refresh remaining patches to handle fuzz, introduced by these new
      patches.

 -- Georg Faerber <georg@debian.org>  Sun, 23 May 2021 17:32:19 +0000

schleuder (3.6.0-1.1) unstable; urgency=medium

  * Non-maintainer upload
  * improve hack to block passphrase interaction (Closes: #982627)

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Fri, 12 Feb 2021 11:55:30 -0500

schleuder (3.6.0-1) unstable; urgency=medium

  * New upstream version.
  * debian/patches:
    - Drop patch to fix email address regex, merged upstream.
    - Refresh remaining patches.

 -- Georg Faerber <georg@debian.org>  Sun, 07 Feb 2021 18:14:33 +0000

schleuder (3.5.3-3) unstable; urgency=medium

  * debian/patches:
    - Add patch to relax thor version in gemspec. (Closes: #980578)
    - Add patch to pull in changes made upstream to fix email address regex.
    - Refresh remaining patches.

 -- Georg Faerber <georg@debian.org>  Tue, 02 Feb 2021 12:41:30 +0000

schleuder (3.5.3-2) unstable; urgency=low

  * Team upload.
  * debian/.gitattributes:
    - Add to keep unwanted files out of the source package.
  * debian/.gitlab-ci.yml:
    - Drop, obsolete.
  * debian/changelog:
    - Trim trailing whitespace.
  * debian/control:
    - Bump debhelper compat level to 13.
    - Bump Standards-Version to 4.5.1, no changes required.
    - Do not recommend haveged anymore. For details and discussion, see the
      related bug report. (Closes: #960066)
    - Drop obsolete version constraints of dependencies.
    - Update team name.
  * debian/patches:
    - Adjust activerecord patch to version 6, and drop obsolete migration
      specs. (Closes: #964143)
    - Reintroduce patch to disallow the use of Tor and to enforce the use of
      the so-called "standard resolver", if running the specs and executing
      dirmngr. This was dropped in version 3.5.3-1, however, it seems, it is
      still required.
    - Refresh remaining patches.

 -- Georg Faerber <georg@debian.org>  Sun, 27 Dec 2020 19:15:38 +0000

schleuder (3.5.3-1) unstable; urgency=medium

  * New upstream version:
    - Ships fix to allow specs to run on IPv6-only machines. (Closes: #962585)
  * debian/patches:
    - Drop patch to disallow the use of Tor and to enforce the use of the
      so-called "standard resolver", if running the specs and executing
      dirmngr. This was required in the past to make dirmngr work reliably. It
      seems this is obsolete by now, however, real-world exposure on the
      Debian buildd and CI infrastructure might prove different.
    - Refresh for new release.

 -- Georg Faerber <georg@debian.org>  Sat, 13 Jun 2020 14:18:05 +0000

schleuder (3.5.2-2) unstable; urgency=medium

  * debian/tests/schleuder-api-daemon-reachable:
    - Let curl timeout after five seconds.
    - Add missing square brackets to ::1 address.
    - Fix exit code handling.

 -- Georg Faerber <georg@debian.org>  Wed, 10 Jun 2020 11:16:37 +0000

schleuder (3.5.2-1) unstable; urgency=medium

  * New upstream version 3.5.2:
    - Ships fix to let x-add-key handle a mix of inline key and non-key
      material, like a signature included in the body. (Closes: #961017)
  * debian/tests/schleuder-api-daemon-reachable:
    - Let test pass if the connection to either 127.0.0.1 or to ::1 works and
      returns the expected result. During some runs, Schleuder would only bind
      to the later. Up until now, the test only checked the former. See commit
      782a6f1c198b0fd1746ecff72860071ed80adc57 for more details.

 -- Georg Faerber <georg@debian.org>  Tue, 09 Jun 2020 23:09:41 +0000

schleuder (3.5.1-1) unstable; urgency=medium

  * New upstream version 3.5.1:
    - Ships fix for x-add-key to recognize mails with attached,
      quoted-printable encoded keys. Such mails might be produced by
      Thunderbird. (Closes: #956827)
  * debian/patches:
    - Drop obsolete patch to fix flaky migration spec, merged upstream.
    - Refresh for new release.

 -- Georg Faerber <georg@debian.org>  Wed, 15 Apr 2020 18:25:25 +0000

schleuder (3.5.0-3) unstable; urgency=medium

  * debian/control:
    - Update description according to upstream.
    - Make dependency on ruby-mail-gpg more strict: the most recent upstream
      version 0.4.3 ships breaking changes.

 -- Georg Faerber <georg@debian.org>  Thu, 09 Apr 2020 19:19:47 +0000

schleuder (3.5.0-2) unstable; urgency=medium

  * debian/patches:
    - Fix patch to relax dependency on bigdecimal in the gemspec. This change
      fixes a regression introduced via the previous upload, 3.5.0-1, which
      blocked the migration to testing, as the version provided there is still
      1.3.4. Initially, the patch allowed all versions >= 1.4.

 -- Georg Faerber <georg@debian.org>  Thu, 02 Apr 2020 15:01:34 +0000

schleuder (3.5.0-1) unstable; urgency=medium

  * New upstream version 3.5.0.
  * debian/control:
    (Build-)Depend on ruby-charlock-holmes.
  * debian/patches:
    - Drop obsolete patches to add List-Id header to admin notifications, to
      handle decryption problems and to default to ASCII-8BIT encoding, merged
      upstream.
    - Refresh remaining patches for new release.
    - Add patch to relax dependency on bigdecimal in gemspec.
    - Add patch to fix flaky migration spec.

 -- Georg Faerber <georg@debian.org>  Tue, 31 Mar 2020 23:50:14 +0000

schleuder (3.4.1-4) unstable; urgency=medium

  * debian/*:
    - Run wrap-and-sort -abt.
  * debian/patches:
    - Relax dependency on sqlite3 in gemspec. This fixes a regression
      introduced in the previous release, 3.4.1-3. (Closes: #951225)
    - Refresh existing patches, accordingly.

 -- Georg Faerber <georg@debian.org>  Thu, 13 Feb 2020 22:59:08 +0000

schleuder (3.4.1-3) unstable; urgency=medium

  * debian/control:
    - Bump Standards-Version to 4.5.0, no changes required.
  * debian/patches:
    - Add patch to bump SQLite dependency in gemspec. (Closes: #949824)
    - Refresh patch to update sinatra to remove fuzz.

 -- Georg Faerber <georg@debian.org>  Mon, 03 Feb 2020 11:07:21 +0000

schleuder (3.4.1-2) unstable; urgency=medium

  * debian/control:
    - Bump Standards-Version to 4.4.1, no changes required.
  * debian/copyright:
    - Bump years to include 2020.
  * debian/patches:
    - Pull in upstream patch to add missing List-Id header to notification
      mails sent to admins. (Closes: #948980)
    - Pull in upstream patch to handle decryption problems gracefully: Handle
      incoming mails encrypted to an absent key, using symmetric encryption or
      containing PGP-garbage in a more graceful manner: Don't throw an
      exception, don't notify (and annoy) the admins, instead inform the
      sender of the mail how to do better. (Closes: #948981)
    - Pull in upstream patch to default to ASCII-8BIT encoding. This should
      ensure Schleuder is able to handle mails with different charsets.
      (Closes: #948982)

 -- Georg Faerber <georg@debian.org>  Wed, 15 Jan 2020 16:38:14 +0000

schleuder (3.4.1-1) unstable; urgency=medium

  * New upstream version 3.4.1:
    - Fixes recognizing keywords in mails with protected headers and empty
      subject. (Closes: #940524)
    - Drops third-party signatures on keys before importing to prevent
      signature flooding. (Closes: #940526)
    - Reports an error if the argument provided to 'refresh_keys' is not an
      email address for which a list exists. (Closes: #940527)
  * debian/patches:
    - Drop patch to fix mails produced by Mutt with protected headers,
      released upstream.

 -- Georg Faerber <georg@debian.org>  Mon, 16 Sep 2019 21:09:53 +0000

schleuder (3.4.0-4) unstable; urgency=medium

  * debian/salsa-ci.yml:
    - Move CI config according to team policy.
    - Disable reprotest job, as it leads to false positives.
  * debian/tests/upstream-tests:
    - Drop relying on /dev/urandom if running the test suite in a container.
      This was introduced two years ago, to deal with limited entropy, which
      would lead to the test suite timing out, if invoked on Debian's
      autopkgtest infrastructure running on ci.debian.net.
      As noted by Gianfranco Costamagna in #939630, the specifics of this
      workaround lead to problems on armhf during tests run by Ubuntu's
      autopkgtest infrastructure.
      This change is experimental, some real world tests need to be done to
      check if the underlying problem still exist. In case, a more portable
      approach needs to be found.

 -- Georg Faerber <georg@debian.org>  Sat, 07 Sep 2019 11:39:23 +0000

schleuder (3.4.0-3) unstable; urgency=medium

  * debian/control:
    - Bump debhelper compat level to 12.
    - Bump Standards-Version to 4.4.0, no changes required.
    - Add missing Pre-Depends field to make lintian happy.
    - Use my debian.org email address.
  * debian/schleuder.schleuder-api-daemon.init:
    - Fix file name; previously, dh_installinit would fail.
  * debian/.gitlab-ci.yml:
    - Import breaking upstream changes, made by the Salsa CI team, to fix
      errors.

 -- Georg Faerber <georg@debian.org>  Wed, 24 Jul 2019 00:42:26 +0000

schleuder (3.4.0-2) unstable; urgency=medium

  * debian/patches:
    - Pull in upstream patch to handle mails with protected headers as
      introduced in Mutt 1.12.0, which was recently released. These headers
      are just contained within the plain body of a mail produced by Mutt,
      they are not further wrapped into a specifically marked MIME-part.
      Schleuder fails to handle such messages, accordingly, this patch fixes
      this behaviour. (Closes: #930870)

 -- Georg Faerber <georg@debian.org>  Fri, 21 Jun 2019 19:05:42 +0000

schleuder (3.4.0-1) unstable; urgency=medium

  * New upstream release.
  * debian/changelog:
    - Drop trailing whitespaces.
  * debian/patches:
    - Drop nearly all, now obsolete, patches newly applied in the -7 to -10
      releases. All of them are integrated upstream, except for the patch
      which bumps the dependencies on sinatra and sinatra-contrib to ~> 2, as
      defined in the gemspec, and a patch which adapts some parts of the code
      to ruby-activerecord 5.2 as shipped in unstable and testing.
    - Refresh for new release.
  * debian/tests:
    - Rename test which checks if the API daemon is reachable after
      installation to better reflect reality.
  * debian/upstream/signing-key.asc:
    - Remove unneeded signatures.

 -- Georg Faerber <georg@riseup.net>  Thu, 14 Feb 2019 17:10:34 +0000

schleuder (3.3.0-10) unstable; urgency=medium

  * debian/control:
    - Bump build dependency on ruby-database-cleaner to >= 1.7.0~.
  * debian/patches:
    - Pull in upstream patch to not rely on relative paths in some specs.
      Loading the filters by relative paths doesn't work in the context of
      autopkgtest. In the past, this made the testsuite unreliable, as the
      success depended on the execution order of the specs.
    - Drop patch to disable flaky spec which tests signed-inline messages, to
      re-enable it.
    - Pull in upstream patch which reworks this spec to make it more reliable.
    - Unify two patches to adapt the gemspec and the specs to ruby-mail 2.7.1.
    - Refresh for new release.

 -- Georg Faerber <georg@riseup.net>  Tue, 12 Feb 2019 23:41:27 +0000

schleuder (3.3.0-9) unstable; urgency=medium

  * debian/control:
    - Drop obsolete dependency on debhelper. This is satisfied since a while
      by a build dependency on debhelper-compat.
  * debian/Rakefile:
    - Require active_record first before loading active_record code. This
      change is necessary to adapt to a recent change in rails.

 -- Georg Faerber <georg@riseup.net>  Thu, 07 Feb 2019 20:59:48 +0000

schleuder (3.3.0-8) unstable; urgency=medium

  * debian/control:
    - Bump required versions of ruby-sinatra and ruby-sinatra-contrib to
      >= 2~.
    - Add missing dependencies on ruby-mail >= 2.7.1~.
  * debian/patches:
    - Pull in upstream patch to strip HTML-part of
      multipart/alternative-messages if it contains keywords. The keywords
      aren't parsed, because Schleuder doesn't touch any HTML. In order to
      prevent the keywords from being disclosed to third parties, for example
      via resent messages, the HTML-part is completely dropped. This issue
      should be considered privacy-sensitive.
    - Add patch to disable a flaky spec, which tests signed-inline cleartext
      messages. Since some time, this formerly pretty stable spec became
      flaky. It it still unclear what causes this, ruby-mail 2.7.1 might be
      somehow related. (Closes: #919072)
    - Add patch which fixes the expected output of one spec. This spec tests
      that mails with broken UTF-8 don't raise an error. However, the fixture
      mail is empty. Schleuder rightfully doesn't deliver the mail, but
      reports it as empty. This problem became only obvious by now, using
      ruby-mail 2.7.1.
    - Add patch to bump the dependency on the mail gem, as both unstable and
      testing ship a newer major version. (Closes: #920031)
    - Add patch to bump the dependency on the sinatra and sinatra-contrib
      gems, as both unstable and testing ship newer major versions.
      This patch, and the three before, should fix the current FTBFS
      situation, and allow Schleuder to migrate to testing before the upcoming
      soft freeze.
    - Add missing .patch extension to one patch.
    - Refresh for new release.

 -- Georg Faerber <georg@riseup.net>  Tue, 05 Feb 2019 22:32:16 +0000

schleuder (3.3.0-7) unstable; urgency=medium

  * debian/control:
    - Bump dependencies on ruby-activerecord to >= 5.2~.
    - Add build dependency on ruby-rack-test. This is needed due to
      ruby-sinatra >= 2 in use.
    - Bump Standards-Version to 4.3.0, no changes necessary.
  * debian/copyright:
    - Bump years to include 2019.
  * debian/patches:
    - Pull in upstream patch to fix the expected output of two specs:
      ruby-mail 2.7.1 inserts \r additionally to \n, to mark newlines.
      (Closes: #919072)
    - Pull in upstream patch including fixes for ruby-activerecord 5.2: it
      specifies the ActiveRecord version in each migration, and adjusts the
      migrations spec to the new ActiveRecord::Migrator API.
      (Closes: #918569)
  * debian/tests/upstream-tests:
    - Check the environment, before linking /dev/random to /dev/urandom to
      deal with limited entropy, to only execute this workaround in
      environments other than the GitLab CI one. This change was necessary, to
      fix the otherwise failing autopkgtest job provided by the Salsa CI team
      due to the filesystem being read-only.
  * debian/.gitlab-ci.yml:
    - Drop custom config, rely on the Salsa CI Team.

 -- Georg Faerber <georg@riseup.net>  Mon, 04 Feb 2019 02:15:24 +0000

schleuder (3.3.0-6) unstable; urgency=medium

  * debian/changelog:
    - Fix typos.
  * debian/control:
    - Fix typo.
  * debian/patches:
    - Reintroduce dirmngr patch to disable Tor and enforce the use of the
      "standard resolver" while running the specs. It seems, that dirmngr
      still doesn't work reliably if invoked in a chroot.

 -- Georg Faerber <georg@riseup.net>  Fri, 26 Oct 2018 11:29:46 +0000

schleuder (3.3.0-5) unstable; urgency=medium

  * debian/compat:
    - Drop obsolete compat file, now handled via build dependency.
  * debian/control:
    - Add debhelper-compat as a build dependency.
    - Declare that the build doesn't need root privileges.
  * debian/patches:
    - Drop patch, which added a dirmngr config to disable the use of Tor and
      enforced the use of the so called "standard resolver" for DNS
      resolution. Older dirmngr versions were problematic in the past in this
      regard, and lead to failing specs. Further observation is needed, to
      ensure the situation changed for the better.

 -- Georg Faerber <georg@riseup.net>  Thu, 25 Oct 2018 21:49:49 +0000

schleuder (3.3.0-4) unstable; urgency=medium

  * debian/schleuder.postinst:
    - Handle upgrade from schleuder < 3.0. (Closes: #867031)
  * debian/rules:
    - Make the build verbose.
  * debian/.gitlab-ci.yml:
    - Install and start haveged, drop linking /dev/random to /dev/urandom. A
      recent change in the CI infrastructure of salsa.d.o made this necessary,
      as the former solution failed due to "read-only file system".

 -- Georg Faerber <georg@riseup.net>  Thu, 04 Oct 2018 10:07:21 +0000

schleuder (3.3.0-3) unstable; urgency=medium

  * debian/watch:
    - Ensure that the version group starts with a digit. Otherwise, uscan
      might try to pull in the schleuder-cli release tarball.

 -- Georg Faerber <georg@riseup.net>  Tue, 02 Oct 2018 09:07:06 +0000

schleuder (3.3.0-2) unstable; urgency=medium

  * debian/schleuder.postinst:
    - Fix permissions of the config which sets default values for new lists.

 -- Georg Faerber <georg@riseup.net>  Thu, 27 Sep 2018 22:52:57 +0000

schleuder (3.3.0-1) unstable; urgency=medium

  * New upstream release.
  * debian/changelog:
    - Fix typos.
  * debian/copyright:
    - Use team@schleuder.org as upstream contact email.
    - Use HTTPS in link to GPL version 3.
    - Wrap and sort.
  * debian/control:
    - Bump Standards-Version to 4.2.1, no changes needed.
    - Use schleuder.org as upstream homepage.
    - Depend on ruby-factory-bot, instead of ruby-factory-girl, while
      building.
    - Require ruby-mail-gpg >= 0.3.3~. (Closes: #901168)
    - Require default-mta or postfix or mail-transport-agent.
    - Wrap and sort.
  * debian/patches:
    - Add patch to remove rack-test dependency, as we are not dealing with
      ruby 2.1.
    - Drop obsolete patch to fix paths, applied upstream.
    - Drop obsolete patch to bump attempts to start SKS mock, fixed upstream.
    - Refresh for new release.
  * debian/schleuder.postinst:
    - Run 'schleuder install' via 'runuser' as the schleuder user.
    - Change ownership of the '/etc/schleuder' directory to the schleuder user,
      to ensure TLS certificates can be written there.
    - Drop obsolete parts which fixed permissions and ownership of the
      SQLite database and the certificates. Instead, rely on 'schleuder
      install' to do the right thing.
    - Make configs writable by the root user, and readable by the schleuder
      user.
    - Drop 'find', introduced in the last release, in an useless attempt to
      overcome the security issues related to recursive chmod or chown.
      Instead, specific filenames and directories are used if invoking either
      chmod or chown. Thanks a lot, dkg!
    - Drop obsolete version check, which compared the to-be-installed version
      against the already installed version.
    - Finally, fix typos and intendation.
  * debian/schleuder.preinst:
    - Handle the backup directory exclusively via this file, if upgrading from
      schleuder < 3.0. Before, permissions were fixed in the 'postinst' stage.
    - Also, while at it, fix intendation.
  * debian/ruby-tests.rake:
    - Add environment variable to sleep in between SKS mock start attempts.
  * debian/schleuder.dirs:
    - Create the '/usr/local/lib/schleuder/filters' directory to enable users
      to provide their own custom filters.
    - Drop obsolete directories.
    - Wrap and sort.
  * debian/schleuder.install:
    - Wrap and sort.
  * debian/schleuder.manpages:
    - Wrap and sort.
  * debian/schleuder.schleuder-api-daemon.service:
    - Point to documentation at schleuder.org.
  * debian/watch:
    - Use schleuder.org to check for new versions.
  * debian/.gitlab-ci.yml:
    - Introduce configuration to make use of continuous integration as
      provided by salsa.debian.org.

 -- Georg Faerber <georg@riseup.net>  Thu, 27 Sep 2018 15:58:48 +0000

schleuder (3.2.2-1) unstable; urgency=medium

  * New upstream release.
  * debian/changelog: Remove trailing whitespaces.
  * debian/compat: Bump debhelper compat level to 11.
  * debian/control:
    - Bump Standards-Version to 4.1.3, no changes needed.
    - Use salsa.debian.org in Vcs-Browser and Vcs-Git fields, as
      anonscm.debian.org is deprecated and accordingly, all repositories were
      moved.
    - Bump required debhelper version to 11~.
    - Add the propcs package as a build dependency, as some specs use
      'pgrep'.
  * debian/copyright: Bump years to include 2018 and use HTTPS in link to
    copyright format specification.
  * debian/patches:
    - Refresh for release 3.2.2-1.
    - Add patch to remove the spec which tests and expects the install to
      fail, if a shell-process fails, as it fails itself, currently. The
      discussion with upstream how to solve this in a sane way is ongoing.
    - Add patch to increase attempts to start the SKS mock keyserver which is
      used for running the specs, and the time to sleep between each attempt.
      Sometimes, the SKS mock keyserver didn't start within the given time,
      leading to failed specs. This will be fixed upstream and included in the
      next release.
    - Add patch to disable Tor and to enforce the use of the so called
      "standard resolver" for DNS resolution in dirmngr. It seems, dirmngr
      still sometimes has problems to connect to a keyserver if invoked in a
      chroot, leading to failed specs. This patch only affects the dirmngr
      configuration related to running the specs.
  * debian/Rakefile: Add new alias for database setup as used by upstream.
  * debian/{rules,s-a-d.service}: In debhelper compat level 11, the systemd
    sequence for dh was removed, and the dh_systemd_{enable,start,stop}
    helpers as well. Accordingly, drop the obsolete helpers and make use of
    the new dh_installsystemd helper.
    Moreover, if specifying '--name' for dh_installsystemd, debhelper now
    expects the systemd service file to be installed to be named as
    $package-name.$service-name.service. Accordingly, rename the service file
    of the API daemon.
  * debian/schleuder.postinst: Fix permissions of files and directories. A
    user reported upstream, that the files inside '/etc/schleuder' had the
    executable bit set.
    At the same time it was reported in bugs #889060 and #889488, that doing
    recursive chmod or chown might lead to root escalation on systems with
    'fs.protected_hardlinks=0'.
    This change fixes both problems via using 'find'. Additionally, the
    permissions are made more strict, to ensure that the directories and
    files are only accessible by the schleuder user. Before, the schleuder
    group was allowed access, too.
  * debian/watch: Update for new upstream release download location.

 -- Georg Faerber <georg@riseup.net>  Tue, 13 Feb 2018 03:24:52 +0100

schleuder (3.2.1-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    - Drop unnecessary dependency on init-system-helpers, as this is an
      essential package.
    - Explicitly depend on ruby-gpgme >= 2.0.13~: Up until 2.0.12, ruby-gpgme
      suffered from a bug which lead to false constructed key capabilities. In
      2013, the bug was found and a patch was written, but it took three more
      years for the patch to be included in a release.
    - Relax required rake version. This helps with backporting schleuder to
      stretch, and ensures a minimal delta between buster and stretch.
  * debian/NEWS: Add note about how to rely on the Debian keyserver defaults.
  * debian/patches:
    - Add patch to rely on the Debian keyserver defaults in the schleuder
      config. (Closes: #852710)
    - Drop patch to disable bundler, integrated upstream.
    - Refresh for release 3.2.1-1.
  * debian/ruby-tests.rake:
    - Disable bundler and test coverage check.
    - Don't kill gpg-agent before and after running the tests, integrated
      upstream.
    - Use random path for database and lists directory to prevent known
      tmpfile attacks.
  * debian/tests:
    - Explain why we aren't using haveged anymore, and instead, why we link
      /dev/random to /dev/urandom. Please, don't do this in production!
    - Accordingly, drop obsolete dependency on haveged.
    - Checking the status of the API is now possible without authentication.
      Therefore, update the expected response if querying the API status
      during autopkgtest.

 -- Georg Faerber <georg@riseup.net>  Fri, 27 Oct 2017 18:42:56 +0200

schleuder (3.1.2-3) unstable; urgency=medium

  * debian/tests/upstream-tests: Drop starting haveged manually, because
    this doesn't work anymore, if invoked in a container. Instead, link
    /dev/random to /dev/urandom.
  * debian/ruby-tests.rake: Kill gpg-agent before and after running tests.
    This might help with making schleuder build reproducibly.

 -- Georg Faerber <georg@riseup.net>  Sat, 30 Sep 2017 14:21:38 +0200

schleuder (3.1.2-2) unstable; urgency=medium

  * debian/control:
    - Bump Standards-Version to 4.1.1.0, no changes needed.
    - Drop obsolete build dependency on 'dh-systemd'.
    - Drop obsolete 'Testsuite', this is added automatically by dpkg-source
      since dpkg 1.17.1, if a debian/tests/control file exists.

 -- Georg Faerber <georg@riseup.net>  Sat, 30 Sep 2017 09:05:32 +0200

schleuder (3.1.2-1) unstable; urgency=medium

  * New upstream release.
  * debian/copyright:
    - Bump years to include 2017.
    - Fix upstream source location.
  * debian/control: Bump required rake version to >= 12~.
  * debian/schleuder.preinst:
    - Check for existing schleuder < 3.0 data first, before doing the backup.
    (Closes: #867031)
    - Don't use 'echo' to inform the user about the data migration process,
    but instead via a proper NEWS file.
  * debian/NEWS: Add said file with notes on how to migrate schleuder < 3.0
    data.
  * debian/patches/0003-bin-fix-require.patch: Refresh for 3.1.2-1.

 -- Georg Faerber <georg@riseup.net>  Thu, 13 Jul 2017 13:40:47 +0200

schleuder (3.1.1-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches/0001-lib-fix-paths.patch: Refresh for new release.

 -- Georg Faerber <georg@riseup.net>  Sun, 25 Jun 2017 14:58:01 +0200

schleuder (3.1.0-3) unstable; urgency=medium

  * debian/rules:
    - Install SysV init script.
    - Drop unneeded debhelper '--no-start' overrides; debhelper should
      enable and start the Schleuder API daemon.
  * debian/control:
    - Depend on lsb-base package for init-functions.
    - Fix (Build-)Depends: formatting.
    - Bump Standards-Version to 4.0.0.
  * debian/schleuder-api-daemon.init: Rework SysVinit script: Fix formatting
    and styling, add required and recommend commands status, reload,
    force-reload by Lintian.
  * debian/schleuder.cron.weekly: Refresh keys first, ignore errors and don't
    exit early. (Closes: #853836)
  * debian/schleuder.preinst: If upgrading from schleuder 2, move data to
    separate backup dir and inform the user. (Closes: #853841)
  * debian/schleuder.postinst:
    - Remove obsolete deb-systemd-helper calls, this is handled by debhelper
      now.
    - Ensure sane permissions of backup dir. (Closes: #853841)
  * debian/schleuder.postrm: Remove the backup dir if purging the package.
    (Closes: #853841)
  * debian/README.Debian: Add notes to migrate lists from schleuder 2 to 3.
    (Closes: #853841)
  * debian/patches: As data is now moved to a separate backup dir if upgrading
    from schleuder 2, drop the obsolete patching of 'schleuder install', which
    disabled the check for existing data. (Closes: #853841)

 -- Georg Faerber <georg@riseup.net>  Tue, 20 Jun 2017 13:17:00 +0200

schleuder (3.1.0-2) unstable; urgency=medium

  * debian/tests/upstream-tests: Ensure haveged is running before executing
    the upstream provided tests, which rely heavily on entropy.
  * debian/tests/control: Add 'needs-root' restriction to actually be able to
    start haveged manually. The provided init script disables the automatic
    start in containerized environments.

 -- Georg Faerber <georg@riseup.net>  Tue, 13 Jun 2017 00:28:23 +0200

schleuder (3.1.0-1) unstable; urgency=medium

  * New upstream release.
  * debian/gbp.conf: Removed, not needed anymore.
  * debian/watch: Fixed, broken due to Gitlab upgrade.

 -- Georg Faerber <georg@riseup.net>  Sat, 10 Jun 2017 19:37:40 +0200

schleuder (3.0.1-1) unstable; urgency=medium

  * New upstream release.
  * debian/schleuder.cron.weekly: Refresh keys from the keyservers.
  * debian/schleuder.{dirs,install}: Ship Postfix config file.
  * debian/patches/: Refresh for Debian schleuder release 3.0.1-1.
  * debian/control: Add dirmngr to {Build-}Depends:.
  * debian/tests/check-status: Rework check against installed API daemon. This
    is needed because of the recent upstream changes which made TLS and API
    keys mandatory.

 -- Georg Faerber <georg@riseup.net>  Thu, 26 Jan 2017 12:33:06 +0100

schleuder (3.0.0~beta17-2) unstable; urgency=medium

  * debian/control: Depend on cron or cron-daemon. (Closes: #851732)
  * debian/schleuder.postinst: Don't 'touch' database; fixed upstream.
  * debian/tests/control: Install haveged to help with entropy.
  * debian/watch: Watch 0xacab.org; the upstream repository moved.
  * debian/ruby-tests.rake: Fix and call cleanup task.

 -- Georg Faerber <georg@riseup.net>  Wed, 25 Jan 2017 15:27:28 +0100

schleuder (3.0.0~beta17-1) unstable; urgency=medium

  [ Georg Faerber ]
  * New upstream release. (Closes: #850545)
  * debian/schleuder-api-daemon.init: Add sysvinit script.
  * debian/patches: Refresh for Debian schleuder release 3.0.0~beta17-1.
  * debian/ruby-tests.rake:
    - Cover all upstream tests.
    - Remove test database to make the build reproducible.

  [ Sebastien Badia ]
  * debian/control:
    - Wrap and sort.
    - Add ruby-factory-girl as Build-Depends.
  * debian/compat: Bump debhelper compat to 10.

 -- Georg Faerber <georg@riseup.net>  Thu, 12 Jan 2017 19:52:43 +0100

schleuder (3.0.0~beta11-2) unstable; urgency=medium

  * debian/schleuder.postinst: Restart the API daemon by default
  * debian/ruby-tests.rake: Load correct Rakefile and ensure clean
    environment

 -- Georg Faerber <georg@riseup.net>  Tue, 13 Dec 2016 18:56:32 +0100

schleuder (3.0.0~beta11-1) unstable; urgency=medium

  * Initial release (Closes: #845636)

 -- Georg Faerber <georg@riseup.net>  Mon, 12 Dec 2016 16:20:50 +0100